Search Try Aqua

Layered, Full Lifecycle Cloud Native Security Platform

Securing containerized, serverless and VM-based applications, from CI/CD pipelines to production runtime environments.
Runs on-prem or in the cloud, at any scale.

Leverages Modern SDLC to Improve Security

We secure applications before they are deployed, mitigating risk, enforcing immutability and easily detecting and blocking anomalies based on the application context.

Designed for Scale
and Performance

We built our platform for the growing needs of the world's largest enterprises. It can scan thousands of images daily, and protect clusters with thousands of nodes, with minimal performance impact.

Built for Multi-Tenant Environments

Manage multiple team deployments or multiple customer tenancies using a central console. Maintain separation of data and access, ensuring complete isolation between tenants.

Secure Once, Run Anywhere

Wherever you run your cloud-native applications, Aqua integrates with your choice of infrastructure to deliver comprehensive security and compliance.
kubernetes
windows server
ibm cloud
google cloud openshift
mesosphere
azure
rancher
PKS aws docker pivotal
Cloud Native security architecture: How Aqua fits into your environment

Hover over parts of the diagram for more information

Cloud VM Security and Compliance
Automate the security of VMs in your private, public and hybrid cloud environments, using a policy-driven approach with single-pane-of-glass visibility across containers, serverless, and VM-based workloads. Scan VMs for vulnerabilities and malware, apply File Integrity Monitoring (FIM), track user activity, and prevent VM configuration drift.
Learn about VM Security ›
Blog
Cloud VM Security
with Aqua CSP
Vulnerability Management
Aqua scans VMs, container images and serverless functions for known vulnerabilities, embedded secrets, configuration and permission issues, malware and open-source licensing. Based on a constantly updated stream of aggregate sources (CVEs, vendor advisories, and proprietary research), we ensure up-to-date, broad coverage while minimizing false positives that often occur when using only a single source.
Any of the parameters can be used to create custom image assurance policies that prevent artifacts from being built, progressed in the CI pipeline, or run in production.
Blog
Trivy Image Vulnerability Scanner Now Under Apache 2.0 License
Runtime Protection
Aqua prevents untrusted code from running, and ensures that VMs, containers and functions remain immutable, preventing any changes to running workloads compared with their originating images.
You can monitor and control activity in real time, based on custom policies and machine-learned behavioral profiles. Alert on or block suspicious activities and processes without killing or pausing workloads, ensuring business continuity for your critical applications.
eBook
Operating Kubernetes Clusters and Applications Safely
Blog
Visualize and Prioritize Risks in Kubernetes with Aqua Risk Explorer
Secrets Management
Aqua securely delivers secrets to containers at runtime, encrypted in transit and at rest, loading them in memory with no persistence on disk, where they are only visible to the container that needs them. Integrate with your existing enterprise vault, such as HashiCorp, CyberArk, AWS KMS or Azure Vault, and transparently update, revoke, and rotate secrets with no need to restart containers. We also give you visibility into which secrets are being used, and in which running containers.
Aqua's integration with Vaults ›
Whitepaper
The Ultimate Guide to Secrets Management in Containers
Blog
Protecting Kubernetes Secrets:
A Practical Guide
Embedded CI/CD Scanning
Aqua provides native plug-ins as well as a CLI tool that automate image scanning within CI tools such as Jenkins, Bamboo, Azure DevOps or TeamCity. As a step in the image build, developers can view scanning results and suggested mitigation from within a familiar environment. Security teams can use this to prevent artifacts that violate policy from being built and ensure that dev teams have the information they need to secure images early on.
Webinar
Dynamic Analysis of Container Images for Detecting Stealthy Malware
Webinar
Just Download and Run – Trivy Open Source Scanner for Container Images
Dynamic Analysis of Container Images
“Shift left” attack prevention by automatically scan container images in your registries and CI/CD pipelines for hidden malware by dynamically analyzing their behavior in a secure sandbox. Discover sophisticated malware hidden in open source packages and 3rd party images, preventing attacks on your container-based applications, including credential theft, cryptocurrency mining, and data exfiltration.
More about Dynamic Container Analysis ›
Blog
Dynamic Threat Analysis for Container Images: Uncovering Hidden Risks
Workloads Firewall
Aqua limits the "blast radius" of attacks by limiting VM, container, and serverless function networking to defined nano-segments based on application context. Automatically discover network connections and get suggested contextual firewall rules that whitelist legitimate connections based on service identity, URLs or IPs. Block or alert on unauthorized network activity.
The Aqua workloads firewall works seamlessly with popular network plugins such as Weave or Flannel, and with service meshes such as Istio.
Compliance & Auditing
Aqua makes it easy to prove compliance with regulations such as PCI-DSS and HIPAA, as well as to adhere to best practices from NIST and CIS, with out-of-the-box default policies. We help you ensure that your clusters, VMs, nodes, containers and functions are properly hardened and monitored, and provide granular event logging for everything from login attempts, to secrets use, to container start/stop events, to policy violations.
Aqua integrates with many log analysis and SIEM tools, such as Splunk, ArcSight, LogRhythm and others, to enable you to manage auditing centrally.
More on Compliance and Auditing ›
Blog
Kube-Bench: An OSS Tool for Running Kubernetes CIS Benchmark Tests
Webinar
Deploying a PCI DSS-Compliant Kubernetes Cluster
Platform Integrations
Aqua integrates into your existing infrastructure, making it easy to manage DevSecOps collaboration, event monitoring, logging and reporting, and incident response. With dozens of pre-built integrations, you can share alerts through Slack, open vulnerability tickets in Jira, send event data to Splunk, QRadar or ArcSight, or monitor with Datadog or Sumo Logic, as well as many others.
With full REST API access, we can easily integrate with additional systems.
VIEW ALL INTEGRATIONS ›

Useful Resources

Blog
Cloud Native Security Best Practices: Vulnerability Management
Solution Sheet
Aqua Security: The Comprehensive Security Platform for Containers, Serverless and Cloud Native Applications
eBook
Operating Kubernetes Clusters and Applications Safely
Research and Reports
Securosis Analyst Report:
The Guide to Enterprise Container Security
Ready to take the plunge?
Try Aqua

    Aqua Security helps enterprises secure their cloud native applications from development to production, whether they run using containers, serverless, or virtual machines. Aqua bridges the gap between DevOps and security, promoting business agility and accelerating digital transformation.

    Aqua’s Cloud Native Security portfolio provides full visibility and security automation across the entire application lifecycle and infrastructure, using a modern zero-touch approach to detect and prevent threats while simplifying regulatory compliance. Aqua customers include some of the world’s largest financial services, software development, internet, media, hospitality and retail companies, with implementations across the globe spanning a broad range of cloud providers and on-premise technologies.

Privacy Policy | Terms of Use
Copyright © 2020 Aqua Security Software Ltd.